← Back to Skills Marketplace
MuleRouter
by
Misaka43fd
· GitHub ↗
· v0.1.10
1242
Downloads
2
Stars
2
Active Installs
10
Versions
Install in OpenClaw
/install mulerouter
Description
Generates images and videos using MuleRouter or MuleRun multimodal APIs. Text-to-Image, Image-to-Image, Text-to-Video, Image-to-Video, video editing (VACE, k...
Usage Guidance
This package appears to be a normal MuleRouter/MuleRun client: it uploads images/videos (local files may be read and converted to base64) and sends them to the configured API using the provided API key. Before installing or running: 1) Verify you trust the package source (the registry metadata/homepage point to a GitHub repo). 2) Inspect pyproject.toml to see installed dependencies and ensure `uv` is legitimate in your environment. 3) Avoid storing high-value secrets in a project `.env` in a shared/workspace; prefer an environment variable injected securely by your runtime if possible. 4) Do not upload images or videos that contain sensitive information. 5) If you need stronger assurances, run the code in an isolated environment (container/VM) and review network traffic to confirm requests only go to the expected api.mulerouter.ai or api.mulerun.com endpoints.
Capability Analysis
Type: OpenClaw Skill
Name: mulerouter
Version: 0.1.10
The OpenClaw AgentSkills skill bundle is designed to interact with the MuleRouter/MuleRun multimodal APIs for image and video generation/editing. The code demonstrates strong security practices, particularly in `core/image.py`, which implements robust validation for local file paths provided as input. This validation includes whitelisting allowed image extensions, resolving paths to prevent traversal attacks, and explicitly blocking access to sensitive system directories (`/etc`, `/proc`, `/sys`, `~/.ssh`, `~/.aws`, `.env` files, etc.). API keys are handled securely via environment variables and standard `Authorization` headers. There is no evidence of data exfiltration to unauthorized endpoints, persistence mechanisms, obfuscation, or prompt injection attempts against the agent in the documentation. The `Bash(uv run *)` permission is broad but necessary for the skill's stated purpose, and the Python scripts themselves are not malicious.
Capability Assessment
Purpose & Capability
Name/description (MuleRouter image/video generation) match the included Python client, model registry, model-specific CLI scripts, and the declared need for an API key and network access to MuleRouter/MuleRun endpoints. Required binaries (python3, uv) and the single primary credential (MULEROUTER_API_KEY) are appropriate for a client that calls an external API.
Instruction Scope
SKILL.md instructs the agent to run provided Python scripts via `uv run` and to read local image files (converting them to base64) before uploading to the API. The code includes explicit validation that blocks reading common sensitive dirs (.ssh, .aws, /etc, /proc, etc.) and forbids reading .env files, which reduces risk. Note: SKILL.md recommends creating a `.env` in the skill working directory to hold the API key (this is expected but you should avoid placing high-value secrets in project directories).
Install Mechanism
No external downloads or remote script execution URLs are present; dependencies are installed via `uv sync` as shown in SKILL.md and the metadata. However there's a minor coherence issue: the registry header stated 'No install spec — instruction-only', while SKILL.md and package metadata reference `uv sync` and include many code files. The package itself contains code (pyproject.toml), so running `uv sync` will install dependencies and write files to the environment — only run if you trust the source.
Credentials
The skill requires a single API credential (MULEROUTER_API_KEY) and one of MULEROUTER_BASE_URL or MULEROUTER_SITE to determine endpoint; this is proportional to the stated functionality. There are no unexpected secret env var requests or other unrelated credentials.
Persistence & Privilege
The skill is not set to always:true and does not request elevated or persistent system privileges. It does not modify other skills or system-wide configs. Autonomous invocation is enabled by default (disable-model-invocation is false) which is normal for skills — not an independent red flag here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install mulerouter - After installation, invoke the skill by name or use
/mulerouter - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.10
- Updated skill metadata to specify required environment variable logic: `MULEROUTER_API_KEY` and one of `MULEROUTER_BASE_URL` or `MULEROUTER_SITE` are now enforced with clearer definitions.
- Added `env_one_of` and `install` fields to skill metadata for improved environment and dependency management.
- Expanded the file whitelist in metadata to explicitly include `pyproject.toml`.
- No changes to underlying functionality or APIs—documentation and metadata improvements only.
v0.1.9
- Added built-in configuration check command using core.config.load_config.
- Updated configuration steps to recommend .env files over export commands for setting credentials.
- Adjusted compatibility to specify allowed Bash commands (“Bash(uv run *) Bash(uv sync *) Read”).
- Clarified environment variable loading and removed redundant shell export examples.
- No code or user-facing API changes; documentation and setup instructions improved for clarity and security.
v0.1.8
- Added homepage field to skill metadata for quick access to the project repository.
- Introduced structured 'metadata' section including environment and binary requirements, primary environment variable, and relevant file paths.
- No changes to core usage or API descriptions.
v0.1.7
- Updated environment variable documentation to use new fields: requires.env and primaryEnv.
- Clarified environment variable requirements and authentication process in the manifest and documentation.
- No code or feature changes; only SKILL.md was updated for clearer configuration guidance.
v0.1.6
- Added a summary of required credentials and environment variables to the top-level description and compatibility fields.
- Declared `MULEROUTER_API_KEY` as the primary credential and clarified required environment variables in the metadata section.
- No changes to workflow or technical usage; documentation update only.
v0.1.5
- The `.env` loading process now only imports variables prefixed with `MULEROUTER_` for improved security and isolation.
- SKILL.md updated to clarify that only `MULEROUTER_`-prefixed environment variables are loaded from `.env`; unrelated variables are ignored.
v0.1.4
- Added strict validation for local image file paths: only allows recognized image extensions and rejects non-image or system directory files.
- Updated documentation in SKILL.md to detail the new image input validation logic and accepted extensions.
- Introduced new tests for image path validation and processing.
v0.1.3
- Clarified environment variable requirements: at least one of MULEROUTER_BASE_URL or MULEROUTER_SITE is needed, and improved table formatting.
- Added a note to avoid storing unrelated secrets in .env files used with this skill.
- Specified that the skill loads .env from the current working directory at startup.
- No functional changes to usage or APIs; updated documentation only.
v0.1.2
- Expanded and clarified environment variable requirements, including stricter requirement for MULEROUTER_API_KEY and at least one of MULEROUTER_BASE_URL or MULEROUTER_SITE.
- Added explicit reference to API key handling in Authorization headers.
- Updated instructions for presenting available models and tags, with guidance to prompt the user on model choice using interactive questions.
- Added 'allowed-tools: Bash Read' to metadata.
- Improved documentation structure for configuration, environment setup, and workflow.
v0.1.1
- Added comprehensive setup and usage instructions for configuring and running the MuleRouter skill.
- Clarified environment variable priority and .env usage for API configuration.
- Provided step-by-step workflow and quick-start examples for generating images and videos.
- Explained best practices for image input and outlined recommended timeouts for generation tasks.
- Linked to documentation for API reference and model specifications.
Metadata
Frequently Asked Questions
What is MuleRouter?
Generates images and videos using MuleRouter or MuleRun multimodal APIs. Text-to-Image, Image-to-Image, Text-to-Video, Image-to-Video, video editing (VACE, k... It is an AI Agent Skill for Claude Code / OpenClaw, with 1242 downloads so far.
How do I install MuleRouter?
Run "/install mulerouter" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is MuleRouter free?
Yes, MuleRouter is completely free (open-source). You can download, install and use it at no cost.
Which platforms does MuleRouter support?
MuleRouter is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created MuleRouter?
It is built and maintained by Misaka43fd (@misaka43fd); the current version is v0.1.10.
More Skills